The Covid-19 pandemic has sparked a mass exodus from offices around the world with millions of people now working from home. Hackers are already targeting them, with a particular focus on the vulnerabilities created by a workforce new to the tools and best practices needed for a cybersecure remote office.
Both the FTC and Secret Service have issued urgent warnings about increased phishing scams seeking to exploit the Covid-19 crisis. The sudden shift from face-to-face office encounters to digital communication makes possible myriad scams that are tailor-made for a newly divided workforce.
While the pantheon of "ishings" (phishing, vishing, smishing, spear phishing, and whaling) are the most common threats to a remote workforce, another easily neglected yet still prevalent threat to a business's security is caused by the devices employees use remotely.
Many businesses are as vulnerable as the least secure employee device. It's a bad situation when you consider that malware on the laptop of just one employee can hit an entire company network via shared files, folders, and email attachments.
If you're concerned about security with employees working from home, here are a few things you can do right now:
1. Require the use of a company-supplied VPN.
Having employees connect to a corporate virtual private network (VPN) helps add an extra layer of protection to company resources. At a minimum, it adds another factor of authentication and can restrict the number of people allowed on a network. The security benefits are even greater if your network has a firewall or network-level protections in place, meaning that the data being transmitted by a remotely connected employee is also filtered.
2. Standardize your platforms.
There's no shortage of ways to communicate remotely, and having too many different options makes it harder to spot suspicious activity. One outdated or pirated application on just one laptop can rapidly compromise a company network.
Choose a videoconferencing platform with the security features you need, and stick to it. Use one office productivity suite, one file-sharing platform, etc. And make sure everyone in your organization has upgraded to the most recent version of them. It's a lot easier to vet the security of your company's software and to make sure you're responding to newly discovered vulnerabilities if you know what your employees are using to transmit files and other sensitive data.
3. Update your contacts.
A remote workforce means more information is sent via mobile devices, and an office that's accustomed to in-person communication may not be able to recognize the numbers from incoming calls and texts. Although mobile numbers and email addresses can both be spoofed, it's a smart idea to have employees at least be able to confirm that any incoming communications are associated with that of a colleague.
4. Use the phone to confirm emails and texts.
A common method used in spear phishing scams is to have colleagues or co-workers request sensitive data or money via email or with communications conducted via compromised or stolen devices. The easiest way to prevent this is a quick call to confirm that a request was legitimate. It's much harder to fake a recognized voice than it is to fake an email or text message.
5. Don't be pennywise.
Covid-19 has represented a major hit to the economy, and many businesses are reluctant to spend more money than is absolutely necessary. While the thought of buying licenses for security software or more up-to-date equipment for your employees while they're staying home might not feel like a top priority, compare the cost of a major data breach from a compromised device, and then go ahead and make those acquisitions anyway.
It's crucial to bear in mind that none of these suggestions will make your company bulletproof. It's important not to downplay the wide variety of cyber-risks that can be found in any office among the savviest onsite employees. The nature of cybersecurity is that there are no guarantees. There are only best practices.
By paying extra attention to how your employees work remotely and what equipment they're using, companies can flatten the cyber-risk curve that will follow the work-from-home army waiting out the Covid-19 pandemic.